By:
On:
In: *Connecting the Dots Blog*, Information Privacy, Information Security, Legal, Regulatory Compliance

  A recent GAO report has revealed that federal agencies utilizing contracted workers are failing to implement contractual assurances with third-parties regarding the protection of sensitive information. GAO auditors examined the contracting practices of three of the largest federal agencies and of those three, only one (DHS) required third-party companies to sign standard contracts requiring the contractors to follow best practices in safeguarding sensitive information. In a recent data breach, a TSA contractor allegedly provided a Boston couple the social security numbers for more than a dozen TSA workers.  Third-parties are increasingly responsible for data breaches, but most often, the hiring agency or company willRead More →

By:
On:
In: *Connecting the Dots Blog*, Human Resources

A recent story made headlines in The Washington Post, providing an excellent example of how a lack of implementation can lead to embarrassing headlines and illegal and costly results. This story came up because of a previous story The Washington Post (and other media outlets) reported involving Obama officials being invited to intimate dinners at the home of Post publisher Katherine Weymouth, each sponsored at a cost of $25,000. In response to the initial story, White House counsel Greg Craig reportedly sent out an e-mail (megaphone management) with the 9-page White House policy attached that covered dos and don’ts involving gifts, relationships and invitations toRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Security, Risk Management

Ok, now we are starting to get into the action points that have a lot more complexity and will absolutely require an “intelligent playbook” and innovative tools to implement appropriate mechanisms, priorities, processes, policies, roles, responsibilities, activities and more across the federal government.  Based on Lessons Learned, Inspector General Reports and a recent May 2009 GAO Report that stated 23 out of 24 major federal agencies had weaknesses in their agencywide information security programs…it is obvious that action point 5 is going to be extremely difficult to implement and manage.  Action Point 5 – Convene appropriate interagency mechanisms to conduct interagency-cleared legal analyses of priorityRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Privacy, Information Security

So the new Cybersecurity Adviser (aka Head Coach) will be announced this week…and as I mentioned previously regarding Step 1 and Step 2, the Head Coach will play a vital role in coordinating people, entities, policies, activities, strategies and ongoing updates as strategies and threats change.  We reviewed how the Head Coach will need to implement an “intelligent playbook” to ensure all appropriate people have access to customized knowledge they need to make better decisions and achieve better results.  The “cybersecurity intelligent playbook” will no doubt need tools that will empower the Head Coach and enable all appropriate personnel to have secure accessibility to theirRead More →